Anish Ramasekar
62809dd0de
node audience restriction: use csi translator to convert intree inline_vol/pv to csi
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-02-06 13:17:16 -06:00
Anish Ramasekar
d6c50c391d
node audience restriction: add unit tests to simulate intree inline_vol/pv to csi failure
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-02-06 12:13:34 -06:00
Kubernetes Prow Robot
2bda5dd8c7
Merge pull request #129656 from vinayakankugoyal/kep2862beta
KEP-2862: Graduate to BETA.
2025-01-27 19:05:23 -08:00
Davanum Srinivas
4e05bc20db
Linter to ensure go-cmp/cmp is used ONLY in tests
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-01-24 20:49:14 -05:00
Vinayak Goyal
3a780a1c1b
KEP-2862: Graduate to BETA.
2025-01-24 21:36:00 +00:00
Kubernetes Prow Robot
2deb8af139
Merge pull request #129670 from cslink/fix-ephemeral-container-secrets
Fix ephemeral container secret references
2025-01-23 15:53:20 -08:00
Antonio Ojea
ddfc4d3e58
update text fixtures for rbac
2025-01-20 13:01:53 +00:00
Cordelia Link
9898bfdbda
Remove unused test code
2025-01-17 02:52:41 +00:00
Cordelia Link
fca697aca0
Add logic to check for new ephemeral containers on pod update and update secret cache if they exist.
2025-01-17 02:49:36 +00:00
Quan Tian
3571992ffc
Add watch permission to namespace-controller for WatchListClient feature
The WatchListClient feature is enabled for kube-controller-manager, but
namespace-controller misses the necessary "watch" permission, which
results in 30 error logs being generated every time a namespace is
deleted and falling back to the standard LIST semantics.
Signed-off-by: Quan Tian <quan.tian@broadcom.com>
2024-12-13 18:15:00 +08:00
Patrick Ohly
8a908e0c0b
remove import doc comments
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:
- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.
This commit was generated with
sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')
Everything was included, except for
package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
2024-12-02 16:59:34 +01:00
Kubernetes Prow Robot
c25f5eefe4
Merge pull request #128407 from ndixita/pod-level-resources
[PodLevelResources] Pod Level Resources Feature Alpha
2024-11-08 07:10:50 +00:00
ndixita
28dea49c04
Limit Range changes to validate against Pod Level Resources
2024-11-08 03:00:54 +00:00
Richa Banker
da8dc433e9
Add flagz implementation and enablement in apiserver
2024-11-07 17:11:49 -08:00
Kubernetes Prow Robot
60651eb172
Merge pull request #125577 from richabanker/statusz
Add statusz endpoint for apiserver
2024-11-08 01:04:43 +00:00
Richa Banker
8bf6eecedf
add statusz implementation and enablement in apiserver
2024-11-07 12:37:38 -08:00
Stanislav Láznička
a4b83e77d9
trustbundles: add a new kube-apiserver-serving signer
2024-11-07 18:07:06 +01:00
Kubernetes Prow Robot
28900b8069
Merge pull request #128077 from aramase/aramase/f/kep_4412_sa_node_aud_restriction
Enforce service account node audience restriction
2024-11-06 23:17:28 +00:00
Kubernetes Prow Robot
dfba334a33
Merge pull request #128242 from jsafrane/selinux-controller
1710: Add SELinux warning controller
2024-11-06 20:09:44 +00:00
Anish Ramasekar
e93d5d5425
Enforce sa token node audience restriction when ServiceAccountNodeAudienceRestriction=true
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-11-06 09:51:40 -08:00
Jan Safranek
df88b1a771
Add all RBAC rules for the SELinux controller
The SELinuxWarningController does not necessarily need permissions to read
the objects, because it gets them through a shared informer instantiated by
KCM itself, but let's list the permissions for completeness.
2024-11-06 13:06:52 +01:00
Patrick Ohly
33ea278c51
DRA: use v1beta1 API
No code is left which depends on the v1alpha3, except of course the code
implementing that version.
2024-11-06 13:03:19 +01:00
Jan Safranek
aa8872d7a3
Add SELinux warning controller
2024-11-06 11:16:02 +01:00
Anish Shah
832d7f7dc2
apply feedback
2024-11-06 01:33:15 +00:00
Anish Shah
dc3c4ed559
pod resize support in LimitRanger admission plugin
2024-11-06 01:33:15 +00:00
Kubernetes Prow Robot
f81a68f488
Merge pull request #128377 from tallclair/allocated-status-2
[FG:InPlacePodVerticalScaling] Implement AllocatedResources status changes for Beta
2024-11-05 23:21:49 +00:00
Kubernetes Prow Robot
08391b3d27
Merge pull request #123549 from carlory/kep-3751-finalizer
A new controller adds/removes finalizer to VAC for protection
2024-11-05 21:45:30 +00:00
Tim Allclair
dc45ae38c6
Clarify limit ranger use of status resources
2024-11-05 09:21:22 -08:00
Tim Allclair
f557903263
Delete unused max resources function
2024-11-01 14:46:56 -07:00
Tim Allclair
6cb301a56f
Don't consider allocated resources for limitranger constraints
2024-11-01 14:10:14 -07:00
Kubernetes Prow Robot
352056f09d
Merge pull request #127757 from torredil/scheduler-bugfix-5123
scheduler: Improve CSILimits plugin accuracy by using VolumeAttachments
2024-10-23 18:12:52 +01:00
torredil
56f2b192cc
scheduler: Improve CSILimits plugin accuracy by using VolumeAttachments
Signed-off-by: torredil <torredil@amazon.com>
2024-10-18 19:02:14 +00:00
Kubernetes Prow Robot
f5ae0413ca
Merge pull request #126347 from vinayakankugoyal/kep2862impl
KEP-2862: Fine-grained Kubelet API Authorization
2024-10-18 03:53:04 +01:00
Vinayak Goyal
b1f290d444
KEP-2862: Fine-grained Kubelet API Authorization
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
2024-10-17 20:53:27 +00:00
Patrick Ohly
f84eb5ecf8
DRA: remove "classic DRA"
This removes the DRAControlPlaneController feature gate, the fields controlled
by it (claim.spec.controller, claim.status.deallocationRequested,
claim.status.allocation.controller, class.spec.suitableNodes), the
PodSchedulingContext type, and all code related to the feature.
The feature gets removed because there is no path towards beta and GA and DRA
with "structured parameters" should be able to replace it.
2024-10-16 23:09:50 +02:00
Kubernetes Prow Robot
67cdc26214
Merge pull request #127497 from pohly/dra-scheduler-queueing-hints-fix
DRA scheduler: fix queuing hint support
2024-09-30 23:21:48 +01:00
Patrick Ohly
aee77bfc84
DRA scheduler: add special ActionType for ResourceClaim changes
Having a dedicated ActionType which only gets used when the scheduler itself
already detects some change in the list of generated ResourceClaims of a pod
avoids calling the DRA plugin for unrelated Pod changes.
2024-09-27 16:53:58 +02:00
Kubernetes Prow Robot
9571d3b6c6
Merge pull request #125995 from carlory/remove-unnecessary-permissions
remove unneeded permissions for volume controllers
2024-09-24 15:38:00 +01:00
Mangirdas Judeikis
4e4eb8c5c9
wire in ctx to rbac plugins
2024-09-17 20:04:02 +03:00
Antoni Zawodny
2156efa7b3
Make Node authorizer's index authoritative for unauthorized calls
2024-09-06 09:26:19 +02:00
Antoni Zawodny
cf93a5bfa8
Clean up Node authorizer's non-thread-safe method names
2024-09-03 21:27:24 +02:00
carlory
a9de9a3d07
controller-manager adds a new controller named volumeattributesclass-protection-controller which adds/removes finalizer to VAC for protection
2024-08-30 15:00:46 +08:00
Kubernetes Prow Robot
71389d5082
Merge pull request #126920 from atiratree/statefulset-autodelete-pvc-rbac
add missing RBAC to statefulset-controller for StatefulSetAutoDeletePVC feature
2024-08-28 19:29:10 +01:00
Filip Křepinský
55efd85c10
add missing RBAC to statefulset-controller for StatefulSetAutoDeletePVC feature
2024-08-26 13:57:50 +02:00
Cici Huang
0f19faf9be
Remove feature gate ValidatingAdmissionPolicy after stable.
2024-08-22 17:39:18 +00:00
carlory
ae9e381f6c
remove unneeded permissions for system:controller:persistent-volume-binder and system:controller:expand-controller clusterroles
2024-08-21 12:01:53 +08:00
Kubernetes Prow Robot
5fdab96c6c
Merge pull request #121997 from dongjiang1989/admission-ioutil
chores: Replace deprecated ioutil functions
2024-08-13 14:44:42 -07:00
Micah Hausler
a7af830209
Rename kubelet CSR admission feature gate
Retitle the feature to the affirmative ("AllowInsecure...=false") instead of a
double-negative ("Disable$NEWTHING...=false") for clarity
Signed-off-by: Micah Hausler <mhausler@amazon.com>
2024-07-29 10:14:19 -05:00
Jefftree
b5a62f14cd
CLE rbac for lease and leasecandidate in kube-system
2024-07-24 14:38:11 +00:00
Kubernetes Prow Robot
107f621462
Merge pull request #126108 from gnufied/changes-volume-recovery
Reduce state changes when expansion fails and mark certain failures as infeasible
2024-07-23 13:30:56 -07:00